News and Events

April 04, 2016

NCCoE cybersecurity engineer, Bill Fisher, will discuss how ABAC enables organizations to take into account contextual factors when managing identity and access control, allowing for more granular analysis and therefore better access decisions. 

Hosted by NCCoE partner, NextLabs, the webinar will explore why ABAC is becoming a priority for many organizations and how it can be implemented to reduce the risk of cyber breaches and internal misuse of sensitive information. 

Date: Tuesday, April 5, 2016
Time: 12:00 p.m. ET - 1:00 p.m. ET

March 29, 2016

NCCoE Security Engineer Bill Fisher will present "ABAC: Run-time Access Control for Federated Identities" during the NIST session from 8:30am-12:00pm at the Federal Labs Technology Demonstrations and Discussions in College Park, Md.

February 28, 2016

The NCCoE will be participating with NIST at the RSA Conference 2016 at Moscone Center in San Francisco, CA.

November 22, 2015

A survey this spring of 1,800 federal information security professionals revealed that the government’s security posture hasn’t improved over the past two years. So, what should the U.S. government do to tackle this problem head on?

For instance, the National Cybersecurity Center of Excellence released a guide for controlling user access to systems based not on role or job title but on user attributes, such as certifications, IP address, group, employee status, etc. This will make it easier for IT departments to terminate network access instantly for the thousands of employees who leave the payrolls every year.

October 29, 2015

As an organization, we've put a stake in the ground on re-framing the way enterprises approach security by placing identity at the center of that framework. We're constantly thinking about how we can better equip our customers with the tools and knowledge they need to embrace the shift to this approach, which we call Identity Defined Security.

To that end, we recently teamed up with National Cybersecurity Center for Excellence (NCCoE) at the National Institute of Standards and Technology to develop a practical resource for identity and access management.

October 06, 2015

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence on Sept. 30, 2015, released this report to help organizations to secure and control access to information systems.

October 01, 2015
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has started to seek public comments on a draft guide for the implementation of an attribute-based access control system.
ABAC systems work to help corporate and public organizations manage an individual’s access rights to data networks and related systems based on the user’s certification, title, training and other attributes, NIST said Wednesday.
September 30, 2015

The National Institute of Standards and Technology (NIST) recently published draft guidance on how organizations can improve their approach to data security.

The guide discusses how using an attribute based access control (ABAC) system could be more flexible and efficient, and also why this approach may be preferred over using a role-based access control (RBAC) system. The National Cybersecurity Center of Excellence (NCCoE) is currently accepting comments on the draft, a NIST release stated.

September 30, 2015
In what NIST has dubbed a "practice guide," agencies have information to help them recreate an example solution, which is based on commercial technologies and references NIST standards and industry best practices.
The guide comes out of a public-private partnership called the National Cybersecurity Center of Excellence.
September 29, 2015

As part of its efforts to provide practical solutions to real-world cybersecurity challenges, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is requesting comments on a draft guidance to help organizations better control access to information systems.

September 28, 2015
Today, we’re witnessing a big step forward in this effort. The National Cybersecurity Center of Excellence (NCCoE) – part of the Federal government’s National Institute of Standards and Technology (NIST) – is releasing a draft NIST Cybersecurity Practice Guide SP 1800-3, demonstrating the use of Attribute Based Access Control (ABAC).
August 16, 2015

The Maryland-based National Cybersecurity Center of Excellence is searching for industry sources to develop a cybersecurity system intended to help control access to information technology assets. 

Contractors would design three projects around access control, personal identity verification credentials and mobile devices, theNational Institute of Standards and Technology said Friday.

August 13, 2015

Today's Federal Register contains notices inviting technology vendors to collaborate with the NCCoE on three new projects to provide mobile device security, attribute based access control, and derived personal identity verification (PIV) credentials for mobile devices. Commercially available and open source products will be the modules in end-to-end example solutions to these challenges. All collaborators will enter into a Cooperative Research and Development Agreement (CRADA; see an example) with NIST in order to participate in a consortium for each build team. The projects will result in NIST Cybersecurity Practice Guides that show organizations how they can adopt these or similar capabilities.

April 01, 2015

NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted a revised draft white paper that will inform projects aimed at helping companies better manage who has access to their IT assets. This project is an NCCoE “building block,” which are example cybersecurity implementations that apply to multiple industry sectors and can be incorporated into many of the center's sector-specific use cases.

March 23, 2015

Bill Fisher, an NCCoE IT security specialist who leads the center's attribute based access control building block, will speak at the Radiant Logic Attribute Based Access Control event on March 24, 2015, in Washington, D.C.

February 24, 2014

NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations develop capabilities for attribute based access control, the other to help enterprises address security issues that result from the use of mobile devices to access company resources. The NCCoE invites the public to comment on the draft documents. The comment period is open until March 28, 2014.